Simple phpmyadmin question

Discussion in 'HOWTO-Related Questions' started by breakaway, Mar 23, 2013.

  1. breakaway

    breakaway New Member

    Hello gentlemen,

    My setup is an Ubuntu 12.10 system.

    I have used this guide to successfully set up the server. However I have a problem with phpMyAdmin.



    Page #4 of the guide states to add a specific nginix directive inside ISPConfig to enable phpMyAdmin for a specific site.

    Now being security concious I only want phpMyAdmin to work over https.

    So I have added the following code snippet

    Code:
    location /phpmyadmin {
           root /usr/share/;
           index index.php index.html index.htm;
           location ~ ^/phpmyadmin/(.+\.php)$ {
           try_files $uri =404;
           root /usr/share/;
           fastcgi_pass unix:/var/run/php5-fpm.sock;
           fastcgi_param HTTPS on; # <-- add this line
           fastcgi_index index.php;
           fastcgi_param SCRIPT_FILENAME $request_filename;
           include /etc/nginx/fastcgi_params;
           fastcgi_param PATH_INFO $fastcgi_script_name;
           fastcgi_buffer_size 128k;
           fastcgi_buffers 256 4k;
           fastcgi_busy_buffers_size 256k;
           fastcgi_temp_file_write_size 256k;
           fastcgi_intercept_errors on;
           }
           location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
           root /usr/share/;
           }
    }
    location /phpMyAdmin {
           rewrite ^/* /phpmyadmin last;
    }
    As per the guide says.

    However, I have found that even after saving the above directive into ISPConfig for that site and reloading (and also restarting) nginx, phpMyAdmin is accessible via http on port 8081! If I try HTTPS port 8081 it won't work - firefox produces a

    Code:
    SSL received a record that exceeded the maximum permissible length.
    error.

    How can I force this (phpmyadmin) to ONLY work over HTTPS?

    Thanks in advance!
     
  2. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    This is the apps vhost that comes with ISPConfig. you can find it in /etc/nginx/sites-available/apps.vhost. If you like to disable phpMyAdmin there, please don't forget to disable it in the apps vhost template in /usr/local/ispconfig/server/conf as well.
     
  3. breakaway

    breakaway New Member

    Hi Falko,

    I am not wanting to disable phpMyAdmin, I am wanting to make it HTTPS only -- i.e. it is only accessible by https://my.server:8081/phpmyadmin and not by http://my.server:8081/phpmyadmin.

    At the moment I can access it via HTTP only, HTTPS gives an error.

    How can I configure it for https ONLY?
     
  4. breakaway

    breakaway New Member

    Hi,

    I'm still trying to fix this -- can anyone lend a hand?

    I have edited the

    Code:
     location /phpmyadmin { }
    directive in

    Code:
    /etc/nginx/sites-available/apps.vhost
    and added

    Code:
    fastcgi_param HTTPS on;
    and restarted nginx but it doesn't help!

    I found there is already a line there that says

    Code:
    fastcgi_param HTTPS $https;
    Where is the $HTTPS variable defined? I can't find it in that file. Also commenting out this particular variable-driven line and forcing it with fastcgi_param HTTPS on; doesn't seem to help either. Navigating to https://my.server.tld:8081/phpmyadmin gives me an error, whereas http://my.server.tld:8081/phpmyadmin works.

    I have a feeling I'm editing the wrong file(s)!

    Any help appreciated!

    EDIT: I have found that I am able to access both phpMyAdmin AND SquirrelMail on http://site.server.tld:8081/phpmyadmin or http://site.server.tld:8081/squirrelmail REGARDLESS of wether the directives are present or not inside ISPConfig in Sites > Domains > Optoins > nginx Directives.

    I thought without the directives there, that particular site shouldn't have phpMyAdmin or SquirrelMail? Is my understanding of that incorrect? The guide says the following:

     
    Last edited: Apr 2, 2013
  5. darinpeterson

    darinpeterson Member HowtoForge Supporter

    Hi breakaway,

    After installing ISPConfig 3, there is no need to change anything to access phpmyadmin securely.

    I install ISPConfig on port 443, so I simply do:
    Code:
    https://host.ispconfigserver.tld/phpmyadmin
    
    There is no need to configure your phpmyadmin on port 8081 or any of that other stuff...

    Regards,
    Darin
     
  6. breakaway

    breakaway New Member

    Thanks for the reply Darin but that doesn't work for me. In fact the guide I am using states specifically (link to that page) that if you are using nginx then phpmyadmin will not work 'out of the box' - it says you need to add some directives under EACH SITE that requires phpmyadmin/squirrelmail to make it active.

    But I found that real-world behaviour is actually very different as per my posts above.

    Are you running nginx?

    Anyway I managed to figure it out with a friend's help.

    Note that my end goal was to have phpmyadmin/squirrelmail accesible by https://my.server.tld:8081/phpmyadmin and https://my.server.tld:8081/webmail respectively, via https ONLY.

    The resolution was to edit

    Code:
    /etc/nginx/sites-available/apps.vhost
    To include the following 3 lines

    Code:
            ssl on;
            ssl_certificate   /etc/ssl/certs/ssl-cert-snakeoil.pem;
            ssl_certificate_key    /etc/ssl/private/ssl-cert-snakeoil.key;
    And restart nginx. It now works.

    Note that this is a self signed SSL Cert so obviouly it is better to replace it with a proper cert.
     
    Last edited: Apr 2, 2013
  7. darinpeterson

    darinpeterson Member HowtoForge Supporter

    I am not using nginx. I seem to have missed that important detail. :)

    Thanks for posting your solution here!

    Darin
     

Share This Page